Logging fixes

Author: stevebux

infrastructure/terraform/components/api/README.md

@@ -37,7 +37,7 @@ No requirements.
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
 | <a name="input_shared_infra_account_id"></a> [shared\_infra\_account\_id](#input\_shared\_infra\_account\_id) | The AWS Account ID of the shared infrastructure account | `string` | `"000000000000"` | no |
-| <a name="input_sns_success_logging_sample_percent"></a> [sns\_success\_logging\_sample\_percent](#input\_sns\_success\_logging\_sample\_percent) | Enable SNS Delivery Successful Sample Percentage | `number` | `0` | no |
+| <a name="input_sns_success_logging_sample_percent"></a> [sns\_success\_logging\_sample\_percent](#input\_sns\_success\_logging\_sample\_percent) | Enable SNS Delivery Successful Sample Percentage | `number` | `100` | no |
 ## Modules
 
 | Name | Source | Version |

infrastructure/terraform/components/api/variables.tf

@@ -179,7 +179,7 @@ variable "enable_sns_delivery_logging" {
 variable "sns_success_logging_sample_percent" {
   type        = number
   description = "Enable SNS Delivery Successful Sample Percentage"
-  default     = 0
+  default     = 100
 }
 
 variable "enable_api_data_trace" {

infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_failure.tf

@@ -7,3 +7,13 @@ resource "aws_cloudwatch_log_group" "sns_delivery_logging_failure" {
   kms_key_id        = var.kms_key_arn
   retention_in_days = var.log_retention_in_days
 }
+
+resource "aws_cloudwatch_log_group" "amendments_sns_delivery_logging_failure" {
+  count = var.enable_sns_delivery_logging ? 1 : 0
+
+  # SNS doesn't allow specifying a log group and is derived as: sns/${region}/${account_id}/${name_of_sns_topic}/Failure
+  # (for failure logs)
+  name              = "sns/${var.region}/${var.aws_account_id}/${local.csi}/Failure"
+  kms_key_id        = var.kms_key_arn
+  retention_in_days = var.log_retention_in_days
+}

infrastructure/terraform/modules/eventsub/cloudwatch_log_group_sns_delivery_logging_success.tf

@@ -7,3 +7,13 @@ resource "aws_cloudwatch_log_group" "sns_delivery_logging_success" {
   kms_key_id        = var.kms_key_arn
   retention_in_days = var.log_retention_in_days
 }
+
+resource "aws_cloudwatch_log_group" "amendments_sns_delivery_logging_success" {
+  count = var.enable_sns_delivery_logging ? 1 : 0
+
+  # SNS doesn't allow specifying a log group and is derived as: sns/${region}/${account_id}/${name_of_sns_topic}
+  # (for success logs)
+  name              = "sns/${var.region}/${var.aws_account_id}/${local.csi}"
+  kms_key_id        = var.kms_key_arn
+  retention_in_days = var.log_retention_in_days
+}

infrastructure/terraform/modules/eventsub/iam_policy_sns_delivery_logging_cloudwatch.tf

@@ -39,6 +39,10 @@ data "aws_iam_policy_document" "sns_delivery_logging_cloudwatch" {
       "${aws_cloudwatch_log_group.sns_delivery_logging_success[0].arn}:log-stream:*",
       aws_cloudwatch_log_group.sns_delivery_logging_failure[0].arn,
       "${aws_cloudwatch_log_group.sns_delivery_logging_failure[0].arn}:log-stream:*",
+      aws_cloudwatch_log_group.amendments_sns_delivery_logging_success[0].arn,
+      "${aws_cloudwatch_log_group.sns_delivery_logging_success[0].arn}:log-stream:*",
+      aws_cloudwatch_log_group.amendments_sns_delivery_logging_failure[0].arn,
+      "${aws_cloudwatch_log_group.sns_delivery_logging_failure[0].arn}:log-stream:*",
     ]
   }
 }